From bf6d69d38578245302525395f5f53ac40f441f0c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 7 Jun 2016 21:38:28 +0200
Subject: wwsympa systemd service file: Set PrivateTmp=yes.

The CGI wants to create a temp file during bulk subcription.
---
 roles/lists/files/lib/systemd/system/wwsympa.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/lists/files/lib/systemd/system/wwsympa.service b/roles/lists/files/lib/systemd/system/wwsympa.service
index b525145..bdbf17e 100644
--- a/roles/lists/files/lib/systemd/system/wwsympa.service
+++ b/roles/lists/files/lib/systemd/system/wwsympa.service
@@ -15,6 +15,7 @@ NoNewPrivileges=yes
 PrivateDevices=yes
 ProtectHome=yes
 ProtectSystem=full
+PrivateTmp=yes
 ReadOnlyDirectories=/
 ReadWriteDirectories=-/var/lib/sympa
 ReadWriteDirectories=-/var/run/sympa
-- 
cgit v1.2.3